A WebEx is Leaking
March 19, 2013 6:39 PM   Subscribe

How to lock down a teleconference to keep out campers, nosy parkers and miscreants?

My firm engages with a third party which is nearing completion of a huge project. There are a number of performance problems we are sorting out with this other firm as we near completion. Unfortunately, the third party hasn't kept its meeting attendee list up to date for our firm, and the WebEx dial-in and passcode are too well known within my organization. Frequently we have more attendees than invited, which is a bad sign. In addition, this third party had their asses handed to them in a meeting last week, somewhat unaccountably, by our c-level citizens.
In short, I'm concerned that people who were excused from my firm on this project still have easy access to meeting information, including the presentation and audio items. Recently I've realized that rumor control is necessary, but I do not want to use a heavy hand outside of excluding people who are out-of-date. Webex's site is crap to the point of a) only including the people you've invited, or b) authenticating participants. Is there any way short of switching to Skype that we can direct our third part to tweak WebEx appropriately?
Thanks in advance.
posted by nj_subgenius to Computers & Internet (11 answers total)
If you want to be in control, you need to have your own concall bridge and not rely on any other parties.

I am still unclear - who owns the WebEx service? Your company, third-party or client?

If it is your company, you should contact WebEx support, explain the situation and I am sure they would give you a different passcode.
posted by jkaczor at 6:46 PM on March 19, 2013

Response by poster: Third party.
Yeah a different passcode is good, but I was interested in whether callback to one's phone and extension actually works (which it appears not to). Thanks for the response, I appreciate it :-)
posted by nj_subgenius at 6:56 PM on March 19, 2013

Most major teleconference systems offer a control panel with the ability to screen callers, put them in a waiting room, lock the conference, get an attendee list/etc.
posted by iamabot at 7:03 PM on March 19, 2013 [1 favorite]

Frequently we have more attendees than invited

You should never, ever let a conference call move forward if there are unknown attendees on the line. If you invite 5 people and webex tells you there are six or seven or eight dialed in, you should ask who those people are. If they refuse to identify themselves just terminate the call. Surely no one would expect you to proceed with unknown people listening in.

This seems pretty basic. I don't understand why you feel like you have to pussyfoot around the situation.
posted by alms at 7:08 PM on March 19, 2013 [15 favorites]

Response by poster: alms, thank you, and I am done with pussyfooting. if we have a mismatch between invitees and participants, we will terminate the call. We hadn't before. Again, t/y
posted by nj_subgenius at 7:22 PM on March 19, 2013 [1 favorite]

Are you listing the calls on a Google Calendar or something that's been shared? Look for leaks.
posted by GilloD at 7:46 PM on March 19, 2013

Maybe try https://join.me/.
posted by Triscuitier at 7:53 PM on March 19, 2013

When people dial into a WebEx meeting, they are prompted for their user ID number. If they don't enter it, they are marked as "Call-in User n". Challenge these people to identify themselves. I don't recall at this moment whether the meeting host can boot people from a meeting, but I am fairly sure that they can. If you need to know ASAP, I can fire up a test meeting and find out for you.
posted by TheNewWazoo at 8:19 PM on March 19, 2013

Best answer: Yes, you can boot users from a Webex meeting but you have to be the host. It doesn't sound like you're the host here (or you could manage the attendees list so much better). From their help docs:

Removing an attendee from a meeting

The meeting host can remove an attendee from a meeting at any time.

To remove an attendee from a meeting:
In the Meeting window, open the Participants panel.
Select the name of the attendee whom you want to remove from the meeting.
On the Participant menu, choose Expel.
A confirmation message appears, in which you can verify that you want to remove the attendee from the meeting.

Click Yes.
The attendee is removed from the meeting.

You can also restrict access (again, if you're the host):

Restricting access to a meeting

Once a host starts a meeting, the host can restrict access to it at any time. This option prevents anyone from joining the meeting, including attendees who have been invited to the meeting but have not yet joined it.

To restrict access to a meeting:
In the Meeting window, on the Meeting menu, choose Restrict Access.
Attendees can no longer join the meeting.

Optional. To restore access to the meeting, on the Meeting menu, choose Restore Access.

I have personally used callback as an attendee to a Webex and it does work (though this was to a direct line, not a line+extension). But I think that's a request made by an attendee, not required by the host.

There is something about call-in authentication but I've never used it.

Using an authentication PIN
If you have a host account, and your site is enabled for CLI (caller line identification), or ANI (automatic number identification) audio conferences, you can use an authentication PIN to prevent "spoofers" from using your number to dial into an audio conference.

If your site administrator sets the authentication PIN as mandatory for all accounts using call-in authentication on your site, then you must specify a PIN number or caller authentication will be disabled for your account.

To specify an authentication PIN:

Log in to your Meeting Center Web site.
On the navigation bar, click My WebEx.
Click My Profile.
The My WebEx Profile page appears.

Under Personal Information, in the PIN: text box, enter a 4-digit PIN number of your choosing.
Click Update.


Really, it sounds like the problem is that neither can this other party get your work done, they can't even manage the Webex which is pretty pathetic. So I'd take that away and manage it yourself if you can.
posted by marylynn at 9:31 PM on March 19, 2013 [4 favorites]

The whole thing sounds like a gigantic mess on so many levels that I don't know where to start. Somebody somewhere has to have been asleep at the switch for a long time to let things get this bad. Why are you not able to identify all of the members of a conference call? Why can people just walk into a conference call without a specific invitation, for that matter? These are not normal, minor problems. These are major, negligent, unconscionable, gaping holes.

Third Party sounds totally incompetent and dysfunctional. You need to take control of the conference call process. For instance you could just declare that you are only going to conference with them over Skype from now on for security reasons, or if your company has its own internal conference system which is secure then you could insist on that. I definitely would absolutely refuse to conference with Third Party via their sketchy-ass WebEx system ever again, period.

If you are not in a position to put your foot down about this, then you have a real problem on your hands.
posted by Scientist at 9:34 PM on March 19, 2013

My employer uses ReadyTalk rather than WebEx, but the first thing that comes to mind is to start using a per-call security code, which you distribute only to the people who are supposed to be on the call. When the call is running, do a roll-call and ensure that each connected phone line checks in and is somebody authorized. (ReadyTalk has an indicator of which line is speaking, which would make it easier to be sure everyone had checked in; I don't know if WebEx does.)
posted by Lexica at 6:20 PM on March 20, 2013

« Older What's a good car service from Brooklyn to...   |   What's strong enough for a man, but made for a ...... Newer »
This thread is closed to new comments.